skills/xfstudio/skills/ciphey/Gen Agent Trust Hub

ciphey

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The script scripts/decrypt.py automatically attempts to install the ciphey package using brew install or pipx install if the binary is not detected. This introduces unverifiable external dependencies at runtime without version pinning or integrity validation.
  • COMMAND_EXECUTION (MEDIUM): The skill executes external commands (via Docker or a local binary) using user-provided input. Although it passes arguments as a list, which prevents direct shell injection, it still runs a complex external tool (ciphey) on untrusted data, and that data could exploit vulnerabilities in the tool or the container environment.
  • EXTERNAL_DOWNLOADS (LOW): The skill pulls and runs the remnux/ciphey Docker image. While REMnux is a reputable source, pulling unverified images at runtime is a supply chain risk.
  • PROMPT_INJECTION (LOW): Indirect Prompt Injection Surface detected:
      • Ingestion points: ciphertext parameter in scripts/decrypt.py (sourced from user input).
      • Boundary markers: None. The input is passed directly to the underlying tool.
      • Capability inventory: subprocess.run execution of external decryption tools.
      • Sanitization: None. The tool's output (decrypted text) is returned to the agent, which could contain malicious instructions designed to influence subsequent agent actions.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:30 PM